Related Stories

OTTAWA — Cyber attacks such as the one that exploited the Heartbleed bug to steal about 900 Canadians’ social insurance numbers could become increasingly common, an expert says.

The Canada Revenue Agency was forced to shut down its website for four days last week after learning its systems had been compromised by the Heartbleed bug — a virus that essentially leaks encrypted data.

On Monday, CRA commissioner Andrew Treusch said “someone exploiting the Heartbleed vulnerability” stole about 900 social insurance numbers over a six-hour period.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to business, that were also removed,” Treusch said in a statement.

Cyber security expert Raymond Vankrimpen says anyone whose SIN was stolen should be wary of offers for credit cards or other credit services.

Vankrimpen says he wasn’t surprised the CRA was attacked, but the “size and scope” of the breach is significant.

“This vulnerability shows that even if we put the best security practices in place, we’re still vulnerable,” he told QMI Agency.

The CRA will send information via registered mail to the Canadians whose privacy may have been breached.

“The CRA will provide those who have been affected with access to credit protection services at no cost,” Treusch said. “We will apply additional protections to their CRA accounts to prevent any unauthorized activity.”

For those affected, the primary concern is vulnerability to identity theft.

A spokesman for Communications Security Establishment Canada said it’s working to defend the government’s networks.

“CSE’s IT security team has been assessing the impact on government networks and advising government departments on mitigation and protection measures to address the Heartbleed bug,” Ryan Foreman said.